Skip to main content

App developers are going through your email — here is how to stop them

The Wall Street Journal reports that application developers, both mobile and desktop, are busy rummaging through the email of thousands and thousands of users with free accounts from Gmail, Yahoo, and Microsoft. The Journal rightfully chastises the companies involved for allowing this to happen then proceeds to tell us why it's happening: because we said they could.

Of course developers (and worse, think of that last crummy app you installed that just spammed trash at you until you deleted it) are going to access your account when they asked you if they could and you said yes. It's also not something new and not something isolated to any particular service provider. But it is predatory behavior and one of those things that should cause heads to roll.

It's easy to blame the user. It's also lazy and lets the real culprit get away with it.

Here's what's going on: you see an app or browser extension or something you can install and give it access to your email account so it can do wonderful things like price match airline tickets or help you build out a marketing mail list or something else that sounds like a good idea. You understand that this service will need to see the email that comes to your inbox, because how else will it know you're reserving two tickets to Jamaica for a nice vacation? Everything sounds nice and tidy, but most people never stop to think that giving an app's developers access to your inbox means they can see what's inside your inbox.

The companies called out by the Journal, like Return Path, are telling you in advance what they need to do then getting explicit permission for it by adding a line into the terms and agreements we need to understand before we install the service. The companies that give you free email service are only letting companies you have authorized sift through your mail. It sounds like a blameless situation that's entirely our fault and we should have known better. But it's still sad that it is allowed to happen.

I can't undo it. I can make sure you know what the WSJ is talking about and angrily type words late on a Monday night, but I can't make it go away. But you can.

  • Click here for Gmail.
  • Click here Microsoft Mail.
  • Click here for Yahoo!
  • Find the section of the page labeled "Apps with access to your account" or something very similar. For Gmail, it is the very top item.
  • Go through the list and revoke permissions for any app you do not want accessing your mail.
  • Go through it a second time and make sure you want the apps that are left to have access to the parts of your account that are listed.

And remember, always read what the thing you are installing or signing up for can do, and never trust anyone when it comes to decisions about your privacy.

Have you listened to this week's Android Central Podcast?

Android Central

Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.

Jerry Hildenbrand
Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

9 Comments
  • Nice and clean. Thanks for the reminder to check.
  • Mine says I havnt given any apps those permissions. Good job Jimmy!
  • 1 app. My email client, AquaMail. Don't think they actually read my mail though. And if the Gmail app wasn't so crappy (limited, that is) I would not have to use this!
    But I generell, I go through these settings once in a while anyway. Great reminder, Jerry!
  • Hm, looks like my Feedly Account still has access to my Google Reader information. Probably should take care of that.
  • Thanks...great article
  • I was surprised how few apps had permission. Honestly, the Google account dashboard is so easy to use (and they nag me to use it so often), I actually am pretty on top of my account privacy. Thanks for the vigilance Jerry. When the zombie Apocalypse hits, you're welcome in my bunker.
  • Yes, it is easy to blame the user. And that is exactly where the blame belongs, because that is who authorized access to their email accounts. Good grief, even Microsoft has always explicitly notified the user that if said user wants Cortana to provide services like automated package tracking, etc., etc., the user has to give Cortana access to email. It really is time we start holding users accountable for their own stupidity.
  • Agreed. Granting permissions is like any other agreement that people enter into. Whether your bank or cable provider or whatever, people need to take some personal responsibility with the things they agree to.
  • Well, there is a difference between someone who has permission to you use your bathroom and that same someone using your bathroom then going through your medicine cabinet.